WEBVTT

00:00.000 --> 00:05.000
.

00:05.000 --> 00:10.000
.

00:10.000 --> 00:14.000
.

00:14.000 --> 00:22.000
.

00:22.000 --> 00:27.000
.

00:27.000 --> 00:48.000
.

00:48.000 --> 00:50.000
.

00:50.000 --> 00:53.000
.

00:53.000 --> 00:58.000
.

00:58.000 --> 01:03.000
.

01:03.000 --> 01:08.000
.

01:08.000 --> 01:13.000
.

01:13.000 --> 01:18.000
.

01:18.000 --> 01:21.000
.

01:21.000 --> 01:26.000
.

01:26.000 --> 01:31.000
.

01:31.000 --> 01:36.000
.

01:36.000 --> 01:41.000
.

01:41.000 --> 01:46.000
.

01:46.000 --> 01:51.000
.

01:51.000 --> 01:56.000
.

01:56.000 --> 02:00.000
.

02:00.000 --> 02:04.000
.

02:04.000 --> 02:08.000
.

02:08.000 --> 02:12.000
.

02:12.000 --> 02:17.000
.

02:17.000 --> 02:22.000
.

02:22.000 --> 02:26.000
.

02:26.000 --> 02:30.000
.

02:30.000 --> 02:34.000
.

02:34.000 --> 02:38.000
.

02:38.000 --> 02:43.000
.

02:43.000 --> 02:48.000
.

02:48.000 --> 02:52.000
.

02:52.000 --> 02:56.000
.

02:56.000 --> 03:00.000
.

03:00.000 --> 03:05.000
.

03:05.000 --> 03:10.000
.

03:10.000 --> 03:13.000
.

03:13.000 --> 03:15.000
.

03:15.000 --> 03:19.000
.

03:19.000 --> 03:23.000
.

03:23.000 --> 03:27.000
.

03:27.000 --> 03:31.000
.

03:31.000 --> 03:32.000
.

03:32.000 --> 03:36.000
.

03:36.000 --> 03:41.000
.

03:41.000 --> 03:45.000
.

03:45.000 --> 03:49.000
.

03:49.000 --> 03:53.000
.

03:53.000 --> 03:57.000
.

03:57.000 --> 03:58.000
.

03:58.000 --> 04:02.000
.

04:02.000 --> 04:06.000
.

04:06.000 --> 04:07.000
.

04:07.000 --> 04:11.000
.

04:11.000 --> 04:15.000
.

04:15.000 --> 04:19.000
.

04:19.000 --> 04:24.000
.

04:24.000 --> 04:25.000
.

04:25.000 --> 04:29.000
.

04:29.000 --> 04:34.000
.

04:34.000 --> 04:38.000
.

04:38.000 --> 04:39.000
.

04:39.000 --> 04:43.000
.

04:43.000 --> 04:46.000
.

04:46.000 --> 04:50.000
.

04:50.000 --> 04:51.000
.

04:51.000 --> 04:52.000
.

04:52.000 --> 04:56.000
.

04:56.000 --> 05:01.000
.

05:01.000 --> 05:03.000
.

05:03.000 --> 05:07.000
.

05:07.000 --> 05:11.000
.

05:11.000 --> 05:15.000
.

05:15.000 --> 05:17.000
.

05:17.000 --> 05:20.000
.

05:20.000 --> 05:21.000
.

05:21.000 --> 05:25.000
.

05:25.000 --> 05:30.000
.

05:30.000 --> 05:34.000
.

05:34.000 --> 05:35.000
.

05:35.000 --> 05:39.000
.

05:39.000 --> 05:43.000
.

05:43.000 --> 05:47.000
.

05:47.000 --> 05:48.000
.

05:48.000 --> 05:49.000
.

05:49.000 --> 05:53.000
.

05:53.000 --> 05:57.000
.

05:57.000 --> 05:58.000
.

05:58.000 --> 06:02.000
.

06:02.000 --> 06:03.000
.

06:03.000 --> 06:08.000
.

06:08.000 --> 06:13.000
.

06:13.000 --> 06:16.000
.

06:16.000 --> 06:17.000
.

06:17.000 --> 06:21.000
.

06:21.000 --> 06:25.000
.

06:25.000 --> 06:26.000
.

06:26.000 --> 06:30.000
.

06:30.000 --> 06:31.000
.

06:31.000 --> 06:35.000
.

06:35.000 --> 06:39.000
.

06:39.000 --> 06:43.000
.

06:43.000 --> 06:44.000
.

06:44.000 --> 06:45.000
.

06:45.000 --> 06:49.000
.

06:49.000 --> 06:54.000
.

06:54.000 --> 06:58.000
.

06:58.000 --> 07:02.000
.

07:02.000 --> 07:06.000
.

07:06.000 --> 07:10.000
.

07:10.000 --> 07:11.000
.

07:11.000 --> 07:12.000
.

07:12.000 --> 07:16.000
.

07:16.000 --> 07:21.000
.

07:21.000 --> 07:25.000
.

07:25.000 --> 07:29.000
.

07:29.000 --> 07:33.000
.

07:33.000 --> 07:37.000
.

07:37.000 --> 07:38.000
.

07:38.000 --> 07:39.000
.

07:39.000 --> 07:43.000
.

07:43.000 --> 07:47.000
.

07:47.000 --> 07:48.000
.

07:48.000 --> 07:51.000
.

07:51.000 --> 07:52.000
.

07:52.000 --> 07:56.000
.

07:56.000 --> 08:00.000
.

08:00.000 --> 08:04.000
.

08:04.000 --> 08:06.000
.

08:06.000 --> 08:07.000
.

08:07.000 --> 08:08.000
.

08:08.000 --> 08:12.000
.

08:12.000 --> 08:17.000
.

08:17.000 --> 08:21.000
.

08:21.000 --> 08:22.000
.

08:22.000 --> 08:26.000
.

08:26.000 --> 08:29.000
.

08:29.000 --> 08:34.000
.

08:34.000 --> 08:35.000
.

08:35.000 --> 08:36.000
.

08:36.000 --> 08:40.000
.

08:40.000 --> 08:45.000
.

08:45.000 --> 08:49.000
.

08:49.000 --> 08:53.000
.

08:53.000 --> 08:57.000
.

08:57.000 --> 09:01.000
.

09:01.000 --> 09:02.000
.

09:02.000 --> 09:03.000
.

09:03.000 --> 09:07.000
.

09:07.000 --> 09:12.000
.

09:12.000 --> 09:16.000
.

09:16.000 --> 09:18.000
.

09:18.000 --> 09:22.000
.

09:22.000 --> 09:24.000
.

09:24.000 --> 09:28.000
.

09:28.000 --> 09:29.000
.

09:29.000 --> 09:30.000
.

09:30.000 --> 09:34.000
.

09:34.000 --> 09:39.000
.

09:39.000 --> 09:43.000
.

09:43.000 --> 09:47.000
.

09:47.000 --> 09:51.000
.

09:51.000 --> 09:55.000
.

09:55.000 --> 09:56.000
.

09:56.000 --> 10:00.000
.

10:00.000 --> 10:04.000
.

10:04.000 --> 10:05.000
.

10:05.000 --> 10:09.000
.

10:09.000 --> 10:10.000
.

10:10.000 --> 10:14.000
.

10:14.000 --> 10:18.000
.

10:18.000 --> 10:22.000
.

10:22.000 --> 10:23.000
.

10:23.000 --> 10:24.000
.

10:25.000 --> 10:27.000
.

10:27.000 --> 10:29.000
.

10:29.000 --> 10:30.000
.

10:30.000 --> 10:34.000
.

10:34.000 --> 10:36.000
.

10:36.000 --> 10:38.000
.

10:38.000 --> 10:40.000
.

10:40.000 --> 10:42.000
.

10:42.000 --> 10:44.000
.

10:44.000 --> 10:47.000
.

10:47.000 --> 10:50.000
.

10:50.000 --> 10:51.000
.

10:51.000 --> 10:55.000
after being creation.

10:55.000 --> 10:59.000
On circular with the flipping is a default, and it's a new tab.

10:59.000 --> 11:01.000
However, it's a familiar.

11:01.000 --> 11:06.000
It can not keep created attestation key.

11:06.000 --> 11:11.000
On the other hand, AWS Azure GCP can keep

11:11.000 --> 11:19.000
attestation key.

11:19.000 --> 11:26.000
However, we don't know that key is kept

11:26.000 --> 11:31.000
after boot.

11:31.000 --> 11:34.000
The estimation of secure boot also depends on

11:34.000 --> 11:36.000
crowd benders.

11:36.000 --> 11:42.000
AWS and Sakura cannot set secure boot.

11:42.000 --> 11:46.000
On the other hand, Azure and GCP can set

11:46.000 --> 11:50.000
as well as can change the status of secure boot.

11:50.000 --> 11:54.000
However, GCP can not.

11:54.000 --> 11:57.000
Okay.

11:57.000 --> 12:05.000
So, I investigate the status of TPN persistent keys.

12:05.000 --> 12:11.000
So, we can set endorsement key and attestation key

12:11.000 --> 12:16.000
to the number of memory of boot EPN.

12:16.000 --> 12:21.000
It can save after reboot, except Sakura,

12:21.000 --> 12:26.000
because Sakura is a merit EPN.

12:26.000 --> 12:31.000
But we cannot know that key is saved safely

12:31.000 --> 12:33.000
after power on.

12:33.000 --> 12:39.000
If you have answer, please tell me.

12:39.000 --> 12:43.000
So, from here, I want to talk about

12:43.000 --> 12:45.000
Internet experience feature.

12:45.000 --> 12:50.000
Internet experience has two types of measurement.

12:50.000 --> 12:56.000
MRTD, measurement of trust domain register.

12:56.000 --> 13:03.000
It keeps the value of TD BIF, trust domain

13:03.000 --> 13:04.000
battery hardware.

13:04.000 --> 13:09.000
On the other hand, RTMR,

13:09.000 --> 13:13.000
Lantang measurement registers.

13:13.000 --> 13:22.000
It protects the registers for RTMR.

13:22.000 --> 13:27.000
So, some component measured after boot power on.

13:27.000 --> 13:30.000
It works as TPN.

13:30.000 --> 13:37.000
Measurement component, and measure of software

13:37.000 --> 13:45.000
is listed in the table.

13:45.000 --> 13:49.000
So, this slide shows two useful,

13:49.000 --> 13:54.000
X.

13:54.000 --> 13:58.000
I got the most interesting result.

13:58.000 --> 14:04.000
On Azure, the measurement by MA,

14:04.000 --> 14:09.000
and TDX code paths are different.

14:09.000 --> 14:15.000
So, it's a lead paths, shows the lead paths,

14:15.000 --> 14:19.000
all that of hash number.

14:19.000 --> 14:26.000
So, I guess it is caused by a difference between TDX buzzer,

14:26.000 --> 14:29.000
because TDX, TDX buzzer,

14:29.000 --> 14:39.000
whole LTDX buzzer 5, over different order.

14:39.000 --> 14:42.000
Most of the interesting result is on Azure,

14:42.000 --> 14:48.000
RTMR shows all zero.

14:48.000 --> 14:55.000
On the other hand, GCP shows some values for RTMR,

14:55.000 --> 14:59.000
from zero to two.

14:59.000 --> 15:03.000
I think this reason is caused from the interface

15:03.000 --> 15:14.000
to get the body of MRTMR, RMTR,

15:14.000 --> 15:17.000
an intermediate register.

15:17.000 --> 15:22.000
So, because Azure does not apply the interface

15:22.000 --> 15:25.000
such as CIS from our SEPI,

15:25.000 --> 15:29.000
slash tables, slash data, slash CCEL.

15:29.000 --> 15:41.000
So, investigate the BTP and the Secular Boot status.

15:41.000 --> 15:48.000
Integrity DX, as well as Integrity DX use,

15:48.000 --> 15:53.000
slash TPM zero, or a test action interface.

15:53.000 --> 15:57.000
On the other hand, GCP use, slash TDX guest.

15:57.000 --> 16:02.000
It's a part by open source interface.

16:02.000 --> 16:12.000
And the situation with TPM and Secular Boot is same to set S&B.

16:12.000 --> 16:19.000
I also investigate the TPM positive keys on TDX.

16:20.000 --> 16:29.000
The situation is same to MD set S&B.

16:29.000 --> 16:33.000
Okay, I want to skip SGX.

16:33.000 --> 16:41.000
I open this slide, please check the data from the slide.

16:41.000 --> 16:45.000
I want to discuss, so the situation will be kept

16:45.000 --> 16:53.000
on Secular Boot, depend on, could have the vendor.

16:53.000 --> 17:03.000
So, only, I'm not sure it's only.

17:03.000 --> 17:13.000
So, it's not measured by SEPI remote attetation.

17:13.000 --> 17:32.000
TPM can measure, however, we can not trust BTP,

17:32.000 --> 17:35.000
or cost attention to William.

17:35.000 --> 17:42.000
And second question is, Interoperability.

17:42.000 --> 17:49.000
So, we can use confidential computing on each credit vendors.

17:49.000 --> 17:53.000
However, the attestation interface is different,

17:53.000 --> 18:00.000
and the result are changed, even if the CPE is same.

18:00.000 --> 18:03.000
The difference may cause interoperability problem,

18:03.000 --> 18:09.000
for example, it migrate to another credit vendors.

18:09.000 --> 18:13.000
So, conclusion.

18:13.000 --> 18:16.000
So, each credit has all each security policy,

18:16.000 --> 18:19.000
and affects the remote attestation.

18:19.000 --> 18:24.000
So, we think we need to understand a situation

18:24.000 --> 18:27.000
when we use confidential computing on credit.

18:27.000 --> 18:32.000
So, trust my guess,

18:32.000 --> 18:36.000
as well as the front of the MCCA,

18:36.000 --> 18:39.000
and I guess the attestation interface

18:39.000 --> 18:42.000
will be slushed-absorbed to TPM zero.

18:42.000 --> 18:45.000
That's all, thank you.

18:45.000 --> 18:52.000
Okay.

18:52.000 --> 18:55.000
So, very nice interesting work.

18:55.000 --> 18:57.000
So, I think this is kind of a negotiation

18:57.000 --> 18:59.000
that I just great with you,

18:59.000 --> 19:02.000
that basically you have the close source

19:02.000 --> 19:04.000
components and all that anyway.

19:04.000 --> 19:07.000
So, on the keyboard ones like that,

19:07.000 --> 19:09.000
the conclusion you have,

19:09.000 --> 19:12.000
so this point, the security policies that the vendors

19:12.000 --> 19:13.000
release.

19:13.000 --> 19:15.000
So, I think that's not good components of system,

19:15.000 --> 19:17.000
but on the slide 7,

19:17.000 --> 19:20.000
if you know there is a weak component of the system.

19:20.000 --> 19:25.000
So, there is a point number 2,

19:25.000 --> 19:27.000
you have standard level of attestation,

19:27.000 --> 19:29.000
without the case certificate.

19:29.000 --> 19:30.000
And here the issue is that,

19:30.000 --> 19:33.000
basically you are trusting everyone in the world,

19:33.000 --> 19:35.000
every server in the world that exists,

19:35.000 --> 19:37.000
can now create this attestation.

19:37.000 --> 19:39.000
And it is only secure,

19:39.000 --> 19:43.000
only in every server in the world is secure.

19:43.000 --> 19:44.000
No keys are the,

19:44.000 --> 19:48.000
no code is injected into the custody application environment.

19:48.000 --> 19:49.000
And this is very discreet.

19:49.000 --> 19:50.000
This leads to diversion attack.

19:50.000 --> 19:53.000
We have a paper, which I will just very briefly talk about.

19:53.000 --> 19:55.000
You might have,

19:55.000 --> 19:56.000
but the point in this,

19:56.000 --> 19:58.000
this is,

19:58.000 --> 19:59.000
security must,

19:59.000 --> 20:00.000
you are not,

20:00.000 --> 20:02.000
instead of trusting the cloud provider,

20:02.000 --> 20:05.000
which you have at least regulatory information,

20:05.000 --> 20:07.000
you are trusting everyone in the world,

20:07.000 --> 20:08.000
which is not good.

20:08.000 --> 20:11.000
And I don't think we should take this direction.

20:11.000 --> 20:12.000
Okay.

20:12.000 --> 20:14.000
I have to repeat the question.

20:14.000 --> 20:17.000
So my question is kind of a concern

20:17.000 --> 20:19.000
with this kind of expectations.

20:19.000 --> 20:20.000
Yeah.

20:20.000 --> 20:21.000
Yeah.

20:21.000 --> 20:23.000
You not only trust the cloud provider itself,

20:23.000 --> 20:27.000
you trust everyone in the world through the means of your,

20:27.000 --> 20:28.000
this tool.

20:28.000 --> 20:30.000
That's my concern.

20:30.000 --> 20:31.000
Yeah.

20:31.000 --> 20:33.000
Your question was,

20:33.000 --> 20:35.000
so,

20:35.000 --> 20:36.000
could I have to bend that?

20:36.000 --> 20:38.000
So,

20:38.000 --> 20:39.000
if,

20:39.000 --> 20:40.000
yeah,

20:40.000 --> 20:41.000
if,

20:41.000 --> 20:42.000
we make up,

20:42.000 --> 20:43.000
so, so,

20:43.000 --> 20:44.000
so,

20:44.000 --> 20:45.000
already,

20:45.000 --> 20:46.000
we need,

20:46.000 --> 20:47.000
to,

20:47.000 --> 20:48.000
opera,

20:51.000 --> 20:53.000
certificate,

20:53.000 --> 20:54.000
certificate itself.

20:54.000 --> 20:56.000
So,

20:56.000 --> 20:57.000
so,

20:57.000 --> 20:59.000
standard attestation,

20:59.000 --> 21:02.000
does not include the certificate,

21:02.000 --> 21:04.000
but it can get from,

21:05.000 --> 21:07.000
from homepage.

21:07.000 --> 21:09.000
The difference is,

21:09.000 --> 21:10.000
the difference is,

21:10.000 --> 21:12.000
attestation included,

21:12.000 --> 21:14.000
MPK certificate,

21:14.000 --> 21:15.000
or not.

21:15.000 --> 21:16.000
However,

21:16.000 --> 21:17.000
the,

21:17.000 --> 21:19.000
such certificate can be,

21:19.000 --> 21:20.000
can,

21:20.000 --> 21:21.000
can,

21:21.000 --> 21:22.000
can get from,

21:22.000 --> 21:23.000
uh,

21:23.000 --> 21:25.000
ship you bend us, for example.

21:25.000 --> 21:26.000
Yeah.

21:26.000 --> 21:28.000
So,

21:28.000 --> 21:29.000
uh,

21:29.000 --> 21:30.000
we can discuss something.

21:30.000 --> 21:31.000
Okay.

21:31.000 --> 21:32.000
That's,

21:33.000 --> 21:34.000
uh,

21:34.000 --> 21:35.000
just,

21:35.000 --> 21:36.000
identification.

21:36.000 --> 21:37.000
You say that,

21:37.000 --> 21:38.000
your wood,

21:38.000 --> 21:39.000
uh,

21:39.000 --> 21:40.000
state is mutable,

21:40.000 --> 21:41.000
does it mean that,

21:41.000 --> 21:42.000
you are still in set-up model,

21:42.000 --> 21:44.000
and you can inject new custom keys.

21:44.000 --> 21:45.000
Oh,

21:45.000 --> 21:46.000
okay.

21:46.000 --> 21:47.000
The,

21:47.000 --> 21:48.000
the question is,

21:48.000 --> 21:49.000
uh,

21:49.000 --> 21:51.000
the BM status is changed,

21:51.000 --> 21:52.000
after,

21:52.000 --> 21:53.000
mutable.

21:53.000 --> 21:54.000
Mutable.

21:54.000 --> 21:55.000
Uh,

21:55.000 --> 21:57.000
is it that one?

21:57.000 --> 21:58.000
Yeah.

21:58.000 --> 21:59.000
Yeah.

22:00.000 --> 22:01.000
Mm-hmm.

22:01.000 --> 22:02.000
Uh-hmm.

22:02.000 --> 22:03.000
Okay.

22:03.000 --> 22:05.000
Hmm.

22:05.000 --> 22:06.000
You can samples right,

22:06.000 --> 22:09.000
uh,

22:09.000 --> 22:11.000
uh,

22:11.000 --> 22:12.000
you potem Get out of the middle.

22:12.000 --> 22:13.000
Boom.

22:13.000 --> 22:15.000
Uh,

22:15.000 --> 22:17.000
you can set-up,

22:17.000 --> 22:19.000
yeah, yeah, yeah.

22:19.000 --> 22:21.000
Yeah, yeah, yeah.

22:21.000 --> 22:23.000
Okay.

22:23.000 --> 22:25.000
We're great to be EM.

22:25.000 --> 22:27.000
Our greatoo to be EM, right?

22:27.000 --> 22:32.000
and you can do it both when you can create them very much, you can create it through the setup mode, right?

22:32.000 --> 22:33.000
Thank you, thank you.

22:33.000 --> 22:42.000
So on AWS, we can set a secure boot. However, we have to prepare keys for secure boot.

22:45.000 --> 22:47.000
Okay, let's see.

22:47.000 --> 22:53.000
You have a set-plus, like, to get to the conclusion that the VTBM is not drastically good.

22:53.000 --> 22:55.000
If you look at it, it can look at it.

22:55.000 --> 22:57.000
Oh, it's open-not.

22:57.000 --> 23:04.000
Like, I think you have to select this open-not, or you actually have to buy a new VTBM.

23:04.000 --> 23:06.000
Is this right?

23:06.000 --> 23:08.000
Yes, we have VTBM, exactly.

23:08.000 --> 23:14.000
And why come to the conclusion that the VTBM is not structured?

23:14.000 --> 23:17.000
Oh, okay.

23:17.000 --> 23:21.000
The question was VTBM.

23:21.000 --> 23:29.000
So I think this failure is changed.

23:29.000 --> 23:32.000
This figure is wrong.

23:32.000 --> 23:35.000
Let's know as runs on VTBM.

23:35.000 --> 23:37.000
VTBM too.

23:37.000 --> 23:42.000
And open H shape runs on VTBM.

23:42.000 --> 23:49.000
And VTBM 0 is measured and target for remote attestation.

23:49.000 --> 23:56.000
So, we can know the VTBM is used.

23:56.000 --> 24:08.000
However, current status, we don't know the hash barring open HCl.

24:08.000 --> 24:12.000
But open H is the same story, but we know...

24:12.000 --> 24:13.000
Yeah, yeah.

24:13.000 --> 24:15.000
Open H is the same situation.

24:15.000 --> 24:23.000
However, we make...

24:23.000 --> 24:28.000
Oh, open H, we can measure, okay.

24:28.000 --> 24:30.000
I'm sorry, no, we don't have time.

24:30.000 --> 24:32.000
Thank you so much.

24:32.000 --> 24:33.000
Thank you.

24:33.000 --> 24:37.000
Thank you.